Re: Improved security for https://www.postgresql.org/docs/current/install-make.html
| От | Peter Eisentraut |
|---|---|
| Тема | Re: Improved security for https://www.postgresql.org/docs/current/install-make.html |
| Дата | |
| Msg-id | 19968047-83d1-4582-af56-cf4ddfc25c2e@eisentraut.org обсуждение исходный текст |
| Ответ на | Improved security for https://www.postgresql.org/docs/current/install-make.html (PG Doc comments form <noreply@postgresql.org>) |
| Ответы |
Re: Improved security for https://www.postgresql.org/docs/current/install-make.html
|
| Список | pgsql-docs |
On 06.11.24 22:58, PG Doc comments form wrote: > The 'short' script can then be rewritten as > > ``` > # work done as a regular user > ./configure > make build > > # work that requires ROOT access > su > mkdir /usr/local/pgsql/data > chown (current user):(current group) /usr/local/pgsql > adduser --system --group postgres > exit > > # work that requires POSTGRES access > su -u postgres > make install installdirs > exit We don't want the installed files to be owned by postgres. That would mean that a compromised PostgreSQL server (running as "postgres") could overwrite its own installation files. You don't have to use "root" for the installation, of course, but it should be separate from "postgres".
В списке pgsql-docs по дате отправления: